Brakeman

joshfng · Oct 26, 2024 · c70dd03 · c70dd03
1 parent 840fc1a
commit c70dd03
Show file tree

Hide file tree

Showing 5 changed files with 31 additions and 6 deletions.
diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
@@ -82,7 +82,7 @@ jobs:
           LOCKBOX_MASTER_KEY: ${{ secrets.LOCKBOX_MASTER_KEY }}
         run: |
           bin/bundler-audit --update
-          bin/brakeman -q -w2
+          bin/brakeman -q --no-pager
 
   tests:
     name: Tests

diff --git a/Gemfile b/Gemfile
@@ -3,7 +3,7 @@
 source 'https://rubygems.org'
 git_source(:github) { |repo| "https://github.com/#{repo}.git" }
 
-gem 'rails', '~> 6.1'
+gem 'rails', '~> 6.1', '>= 6.1.7.10'
 
 gem 'jbuilder'
 gem 'pg'

diff --git a/Gemfile.lock b/Gemfile.lock
@@ -268,12 +268,12 @@ GEM
     rubocop-performance (1.22.1)
       rubocop (>= 1.48.1, < 2.0)
       rubocop-ast (>= 1.31.1, < 2.0)
-    rubocop-rails (2.26.2)
+    rubocop-rails (2.27.0)
       activesupport (>= 4.2.0)
       rack (>= 1.1)
       rubocop (>= 1.52.0, < 2.0)
       rubocop-ast (>= 1.31.1, < 2.0)
-    rubocop-rspec (3.1.0)
+    rubocop-rspec (3.2.0)
       rubocop (~> 1.61)
     ruby-progressbar (1.13.0)
     sass-rails (6.0.0)
@@ -361,7 +361,7 @@ DEPENDENCIES
   puma
   rack-canonical-host
   rack-mini-profiler
-  rails (~> 6.1)
+  rails (~> 6.1, >= 6.1.7.10)
   redis
   redis-namespace
   rexml

diff --git a/Makefile b/Makefile
@@ -22,7 +22,7 @@ lint-ruby:
 	docker compose run --rm app rubocop -a
 
 lint-security:
-	docker compose run --rm app brakeman
+	docker compose run --rm app -- bin/bundler-audit --update && bin/brakeman -q --no-pager
 
 ci:
 	docker compose run --rm test rspec

diff --git a/config/brakeman.ignore b/config/brakeman.ignore
@@ -0,0 +1,25 @@
+{
+  "ignored_warnings": [
+    {
+      "warning_type": "Unmaintained Dependency",
+      "warning_code": 120,
+      "fingerprint": "d84924377155b41e094acae7404ec2e521629d86f97b0ff628e3d1b263f8101c",
+      "check_name": "EOLRails",
+      "message": "Support for Rails 6.1.7.10 ended on 2024-10-01",
+      "file": "Gemfile.lock",
+      "line": 195,
+      "link": "https://brakemanscanner.org/docs/warning_types/unmaintained_dependency/",
+      "code": null,
+      "render_path": null,
+      "location": null,
+      "user_input": null,
+      "confidence": "High",
+      "cwe_id": [
+        1104
+      ],
+      "note": "Rails 6.1.7.10 was released 3 days after the date this says support ended"
+    }
+  ],
+  "updated": "2024-10-26 14:12:40 +0000",
+  "brakeman_version": "6.2.2"
+}